US20110131636A1 - Secure transference of data between removable media and a security server - Google Patents

Secure transference of data between removable media and a security server

Info

Publication number: US20110131636A1
Authority: US (United States)
Prior art keywords: operating system, information, security, program code, computer usable
Legal status: Granted
Application number: US12/629,087
Other versions: US8316459B2 (en)
Inventor: Yosi Shani
Current assignee: Yazamtech Ltd
Original assignee: Yazamtech Ltd
Application filed by Yazamtech Ltd
Priority to US12/629,087 (patent US8316459B2)
Assigned to YAZAMTECH LTD. (assignor: SHANI, YOSI)
Publication of US20110131636A1
Application granted
Publication of US8316459B2
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic

Definitions

  • Methods of the present invention may be implemented by performing or completing manually, automatically, or a combination thereof, selected steps or tasks.
  • The term “method” may refer to manners, means, techniques and procedures for accomplishing a given task including, but not limited to, those manners, means, techniques and procedures either known to, or readily developed from known manners, means, techniques and procedures by practitioners of the art to which the invention belongs.
  • The present invention may be implemented in the testing or practice with methods and materials equivalent or similar to those described herein.

Abstract

A data processing system for securing information transfer from a removable media, comprising a security server and networked devices. Each networked device comprises a first operating system arranged to operate it; a second operating system, substantially differing structurally from the first operating system, and arranged to communicate with the security server over a secure communication link; and an I/O port arranged to allow connecting the removable device thereto. Each networked device is arranged to communicate with the removable device only via the second operating system responsive to the connection of the removable device to the port. The second operating system receives the information from the removable media via the I/O port and sends the information to the security server, which applies thereon operations relating to information security and in reference to predefined security criteria, such that the information is secure for use in the networked devices.

Description

    BACKGROUND
  • 1. Technical Field
  • The present invention relates to the field of data security, and more particularly, to securing a computer network in respect to insertion of infected information from removable media.
  • 2. Discussion of Related Art
  • Network security is crucial to the functioning of all computer networks. Security applications operated by a security server cannot control information from removable media that is inserted directly into networked devices such as workstations, because the media are in direct physical contact with the device.
  • BRIEF SUMMARY
  • Embodiments of the present invention provide a data processing system for securing information transfer from a removable media, comprising: a security server; and a plurality of networked devices. Each networked device comprises a first basic operating system arranged to operate the networked device; a second operating system, substantially differing structurally from the first operating system, and arranged to communicate with the security server over a secure communication link; and an I/O (Input/Output) port arranged to allow connecting the removable device thereto. The networked device is arranged to communicate with the removable device only via the second operating system responsive to the connection of the removable device to the I/O port, while the first operating system is disabled from communicating with the I/O port. The second operating system is arranged to receive the information from the removable media via the I/O port and send the information to the security server. The security server is arranged to apply on the sent information a plurality of operations relating to information security and in reference to predefined security criteria, such that the information is secure for use in the networked devices.
  • Embodiments of the present invention provide a computer-implemented method of securing information transfer from a removable media to a plurality of networked devices, via the I/O port of one of the networked devices, each networked device having a first operating system arranged to operate the networked device. The computer-implemented method comprises: installing a second operating system in each networked device, the second operating system substantially differing structurally from the first operating system; configuring the networked device to communicate with the removable device via the second operating system responsive to connecting the removable device to the port; receiving, via the second operating system, the information from the removable media; sending the information via a secure communication link to a security server; and applying on the sent information security operations in reference to predefined security criteria.
  • Embodiments of the present invention provide a computer program product for securing information transfer from a removable media to a networked device via a port, the networked device having a first operating system arranged to operate the networked device, comprising a computer usable medium having computer usable program code tangibly embodied thereon. The computer usable program code comprises: computer usable program code for receiving information from the removable media via the port, comprising a second operating system that is substantially different structurally from the first operating system; computer usable program code for configuring the networked device to communicate with the removable device via the second operating system responsive to connecting the removable device to the port; computer usable program code for sending the information via a secure communication link to a security server; and computer usable program code for applying on the sent information security operations in reference to predefined security criteria.
  • These, additional, and/or other aspects and/or advantages of the present invention are: set forth in the detailed description which follows; possibly inferable from the detailed description; and/or learnable by practice of the present invention.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention will be more readily understood from the detailed description of embodiments thereof made in conjunction with the accompanying drawings of which:
  • FIGS. 1 and 2 are high level schematic block diagrams of a data processing system for securing information transfer from a removable media, according to some embodiments of the invention; and
  • FIGS. 3A and 3B are high level flowcharts illustrating a computer-implemented method of securing information transfer according to some embodiments of the invention.
  • DETAILED DESCRIPTION
  • Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not limited in its application to the details of construction and the arrangement of the components set forth in the following description or illustrated in the drawings. The invention is applicable to other embodiments and may be practiced or carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein is for the purpose of description and should not be regarded as limiting.
  • For a better understanding of the invention, the usages of the following terms in the present disclosure are defined in a non-limiting manner: The term “networked device” as used herein in this application is defined as any device in a network, for example computers or servers connected in any type of network, for example a company network or the Internet. Networked devices may comprise servers dealing with either incoming data or outgoing data.
  • FIGS. 1 and 2 are high level schematic block diagrams of a data processing system 101 for securing information transfer from and to a removable media 120, according to some embodiments of the invention. Data processing system 101 comprises a security server 100 and a plurality of networked devices 110. Each networked device 110 comprises a first basic operating system 112 arranged to operate networked device 110, such as the native operating system of networked device 110, as well as a second operating system 114, substantially differing structurally from first operating system 112 (e.g., second operating system 114 being LINUX while first operating system 112 is WINDOWS), and arranged to communicate with security server 100 over a secure communication link 99 (e.g., with a secure communication protocol such as HTTPS or SFTP). Removable media 120 may be connected to networked device 110 via an I/O (Input/Output) port 116 arranged to allow connecting removable device 120 thereto. Networked device 110 is arranged to communicate with removable device 120 via second operating system 114 only, responsive to the connection of removable device 120 to I/O port 116, while first operating system 112 is disabled from communicating with I/O port 116. I/O port 116 may communicate solely with second operating system 114, and is blocked from access by any other elements within networked device 110 or by other networked devices 110. Blocking may be carried out by system capabilities or by external resources.
  • As illustrated in FIG. 1, second operating system 114 is arranged to receive the information from removable media 120 via I/O port 116 and send the information securely to security server 100, which is arranged to apply on the sent information a plurality of operations relating to information security and in reference to predefined security criteria, such that the information is secure for use in any networked device 110 in the network.
  • As illustrated in FIG. 2, second operating system 114 is arranged to receive information securely from security server 100 and send the information to removable media 120 via I/O port 116. Security server 100 is arranged to apply on the information a plurality of operations relating to information security and in reference to predefined security criteria, such that the information is allowable for use outside the network. Security server 100 may receive the information from any networked devices 110 in the network.
  • According to some embodiments of the invention, examples of operations relating to information security are, for incoming information: blocking executable files, removing hostile code such as viruses, removing macros, removing hidden information, removing images according to specified criteria, and cleaning FLASH files; and for outgoing information: removing properties, allowing specified file types only, removing or changing hidden information, or removing images according to specified criteria.
  • In these ways, networked devices 110 are protected from potentially malicious software on inserted removable media 120, and yet may use and interact with allowable software and content from removable media 120, as approved by security server 100.
  • Security server 100 is arranged to protect a network by being the only network element that handles external sources such as removable media 120. Thus, any external information is immediately directed to security server 100 avoiding any interaction with device or network components. Security server 100 is arranged to check incoming information and generate a secure version thereof for use by all network components and networked devices 110. The same operation is applied for outgoing information, wherein all outgoing information is passed to security server 100 before reaching external media such as removable media 120. Outgoing information is checked and processed by security server 100 to generate a version that is allowable to exit the network. This version is then transferred by security server 100 to removable media 120 exclusively via second operating system 114.
  • According to some embodiments of the invention, security server 100 may change or filter software code and content from removable media 120 so as to avoid damage therefrom to networked devices 110 and other servers in the network. Security server 100 may be arranged to generate a secure version of the information by the application of the operations thereupon, and send the secure version to first operating system 112 of at least one of networked devices 110.
  • According to some embodiments of the invention, security server 100 may also control or filter outgoing information. Security server 100 may be arranged to receive information from first operating system 112 of at least one of networked devices 110, apply a plurality of data security operations thereupon, thereby generating a secure version thereof, and send the secure version to removable media 120 via second operating system 114 of the corresponding networked device 110. The secure version may comprise inserted information and may be devoid of erased information. Insertions and erasures may be determined according to predefined rules.
  • According to some embodiments of the invention, there is provided a computer program product for securing information transfer from removable media 120 to networked device 110 via I/O port 116. The computer program product comprises a computer usable medium having computer usable program code tangibly embodied thereon. The computer usable program code comprises: computer usable program code for receiving information from removable media 120 via I/O port 116, comprising second operating system 114 that is substantially different structurally from first operating system 112; computer usable program code for configuring networked device 110 to communicate with removable device 120 via second operating system 114 responsive to connecting removable device 120 to port 116; computer usable program code for sending the information via secure communication link 99 to security server 100; and computer usable program code for applying on the sent information security operations in reference to predefined security criteria.
  • According to some embodiments of the invention, the computer usable program code may further comprise computer usable program code for generating a secure version of the information by the application of the security operations thereupon, and computer usable program code for distributing the secure version in a network.
  • According to some embodiments of the invention, the computer usable program code may further comprise computer usable program code for receiving information from first operating system 112 of networked device 110; computer usable program code for applying a plurality of data security operations upon the information received from first operating system 112, thereby generating a secure version thereof; and computer usable program code for sending the secure version to removable media 120 via second operating system 114 of networked device 110.
  • FIGS. 3A and 3B are high level flowcharts illustrating a computer-implemented method of securing information transfer according to some embodiments of the invention. The computer-implemented method secures information transfer from a removable media to a plurality of networked devices, via an I/O port of one of the networked devices. Each networked device has a first operating system arranged to operate the networked device. The computer-implemented method comprises the following stages (FIG. 3A): installing a second operating system in each networked device, the second operating system substantially differing structurally from the first operating system (stage 150); configuring the networked device to communicate with the removable device via the second operating system responsive to connecting the removable device to the I/O port, and disabling the first operating system from communicating with the I/O port (stage 155); receiving, via the second operating system, the information from the removable media (stage 160); sending the information via a secure communication link to a security server (stage 165); and applying on the sent information security operations in reference to predefined security criteria (stage 170).
  • According to some embodiments of the invention, the computer-implemented method (FIG. 3B) may comprise the following stages: receiving information from the first operating system of at least one of the networked devices (stage 175); applying a plurality of data security operations thereupon, thereby generating a secure version thereof (stage 180); generating, by the security server, a secure version of the information by the application of the security operations thereupon (stage 185); sending the secure version to at least one of the networked devices (stage 190); and sending the secure version to the removable media via the second operating system of the corresponding networked device (stage 195).
  • According to some embodiments of the invention, the application of security operations (stage 170) may comprise erasing information, and/or inserting information, as well as applying various markings and encryptions on parts of the information.
  • Advantageously, the systems and methods allow using the networked devices in a secure manner with respect to the removable media, without necessitating the use of a specialized workstation for information transfer and without endangering the networked devices or other servers in the network. The systems and methods allow transferring and receiving information in a secure manner among any group of devices in the virtual world.
  • Advantageously, the systems and methods do not require approval and regulation processes for removable media, and there is no need to characterize the media prior to actual use. However, control of the security definitions and their application is kept at a global level and is not carried out locally on the networked devices.
  • During normal operation of the networked device, the I/O ports are fully blocked from the first operating system. A switching module may control the activation of the second operating system and keep a fluent transition between the first and the second operating system. Each second operating system in each networked device may be uniquely identified by the security server, e.g., by using a digital signature, such as to allow the security server to identify networked devices with an operable second operating system.
  • In the above description, an embodiment is an example or implementation of the inventions. The various appearances of “one embodiment,” “an embodiment” or “some embodiments” do not necessarily all refer to the same embodiments.
  • Although various features of the invention may be described in the context of a single embodiment, the features may also be provided separately or in any suitable combination. Conversely, although the invention may be described herein in the context of separate embodiments for clarity, the invention may also be implemented in a single embodiment.
  • Reference in the specification to “some embodiments”, “an embodiment”, “one embodiment” or “other embodiments” means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least some embodiments, but not necessarily all embodiments, of the inventions.
  • It is to be understood that the phraseology and terminology employed herein are not to be construed as limiting and are for descriptive purposes only.
  • The principles and uses of the teachings of the present invention may be better understood with reference to the accompanying description, figures and examples.
  • It is to be understood that the details set forth herein do not constitute a limitation on an application of the invention.
  • Furthermore, it is to be understood that the invention can be carried out or practiced in various ways and that the invention can be implemented in embodiments other than the ones outlined in the description above.
  • It is to be understood that the terms “including”, “comprising”, “consisting” and grammatical variants thereof do not preclude the addition of one or more components, features, steps, or integers or groups thereof and that the terms are to be construed as specifying components, features, steps or integers.
  • If the specification or claims refer to “an additional” element, that does not preclude there being more than one of the additional element.
  • It is to be understood that where the claims or specification refer to “a” or “an” element, such reference is not to be construed to mean that there is only one of that element.
  • It is to be understood that where the specification states that a component, feature, structure, or characteristic “may”, “might”, “can” or “could” be included, that particular component, feature, structure, or characteristic is not required to be included.
  • Where applicable, although state diagrams, flow diagrams or both may be used to describe embodiments, the invention is not limited to those diagrams or to the corresponding descriptions. For example, flow need not move through each illustrated box or state, or in exactly the same order as illustrated and described.
  • Methods of the present invention may be implemented by performing or completing manually, automatically, or a combination thereof, selected steps or tasks.
  • The term “method” may refer to manners, means, techniques and procedures for accomplishing a given task including, but not limited to, those manners, means, techniques and procedures either known to, or readily developed from known manners, means, techniques and procedures by practitioners of the art to which the invention belongs.
  • The descriptions, examples, methods and materials presented in the claims and the specification are not to be construed as limiting but rather as illustrative only.
  • Meanings of technical and scientific terms used herein are to be commonly understood as by one of ordinary skill in the art to which the invention belongs, unless otherwise defined.
  • The present invention may be implemented in the testing or practice with methods and materials equivalent or similar to those described herein.
  • Any publications, including patents, patent applications and articles, referenced or mentioned in this specification are herein incorporated in their entirety into the specification, to the same extent as if each individual publication was specifically and individually indicated to be incorporated herein. In addition, citation or identification of any reference in the description of some embodiments of the invention shall not be construed as an admission that such reference is available as prior art to the present invention.
  • While the invention has been described with respect to a limited number of embodiments, these should not be construed as limitations on the scope of the invention, but rather as exemplifications of some of the preferred embodiments. Other possible variations, modifications, and applications are also within the scope of the invention. Accordingly, the scope of the invention should not be limited by what has thus far been described, but by the appended claims and their legal equivalents.
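The stages above (150 to 195), as an added simulation in Python that is not the patent's own code: a networked device whose I/O port only the second operating system can read, a security server that identifies each second operating system before accepting data (an HMAC over a shared secret stands in for the page's digital signature, an assumption made here) and applies predefined criteria, and a secure version that is devoid of erased fields and carries an inserted marking. The class and function names, the criteria and the sample media content are constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed per-device secrets shared with the security server so it can
# identify each second OS; an HMAC stands in for the page's "digital signature".
SECOND_OS_KEYS = {"device-A": b"constructed-key-for-device-A"}

# Constructed predefined security criteria: fields to erase (stage 170) and a
# marking to insert into the secure version (stage 185).
CRITERIA = {"erase": {"macros", "embedded_objects"},
            "insert": {"security_marking": "sanitized-by-security-server"}}

# Constructed content of a removable media: a document carrying a macro.
SAMPLE_MEDIA = json.dumps(
    {"body": "quarterly report", "author": "alice", "macros": "AutoOpen"}).encode()

class NetworkedDevice:
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.active_os, self.port_buffer = "first", None  # switching module state, port bytes

    def connect_media(self, content):
        # Stage 155: connecting media hands the I/O port to the second OS.
        self.active_os = "second"
        self.port_buffer = content

    def read_port(self, os_name):
        # The port is fully blocked from the first OS, whatever the device state.
        if os_name != "second" or self.active_os != "second":
            raise PermissionError(f"{os_name} OS may not access the I/O port")
        return self.port_buffer

    def sign(self, payload):
        # Stage 165: the second OS authenticates itself on the secure link.
        mac = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return {"device": self.name, "payload": payload, "sig": mac}

class SecurityServer:
    def __init__(self, keys, criteria):
        self.keys, self.criteria = keys, criteria  # criteria are held centrally

    def verify(self, msg):
        key = self.keys.get(msg["device"])
        if key is None:
            return False
        expected = hmac.new(key, msg["payload"], hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, msg["sig"])

    def secure_version(self, msg):
        # Stages 170-185: the secure version is devoid of erased fields and
        # carries the inserted marking (claim 5); unverified senders are refused.
        if not self.verify(msg):
            raise PermissionError("unknown or unverified second operating system")
        info = json.loads(msg["payload"])
        secure = {k: v for k, v in info.items() if k not in self.criteria["erase"]}
        secure.update(self.criteria["insert"])
        return secure

def transfer_from_media(device, server, media_content):
    """Stages 155-190: media -> second OS -> security server -> secure version."""
    device.connect_media(media_content)
    return server.secure_version(device.sign(device.read_port("second")))
```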

Claims (13)

1. A data processing system for securing information transfer from a removable media, comprising:
a security server; and
a plurality of networked devices, each comprising:
a first operating system arranged to operate the networked device;
a second operating system, substantially differing structurally from the first operating system, and arranged to communicate with the security server over a secure communication link; and
an I/O port arranged to allow connecting the removable device thereto,
wherein the networked device is arranged to communicate with the removable device via the second operating system responsive to the connection of the removable device to the port, while the first operating system is disabled from communicating with the port,
wherein the second operating system is arranged to receive the information from the removable media via the I/O port and send the information to the security server, and
wherein the security server is arranged to apply on the sent information a plurality of operations relating to information security and in reference to predefined security criteria, such that the information is secure for use in the networked devices.
2. The data processing system of claim 1, wherein the security server is arranged to generate a secure version of the information by the application of the operations thereupon.
3. The data processing system of claim 2, wherein the security server is arranged to send the secure version to the first operating system of at least one of the networked devices.
4. The data processing system of claim 1, wherein the security server is arranged to receive information from the first operating system of at least one of the networked devices, to apply a plurality of data security operations thereupon, thereby generating a secure version thereof, and to send the secure version to the removable media via the second operating system of the corresponding networked device.
5. The data processing system of claim 4, wherein the secure version comprises inserted information and is devoid of erased information.
6. A computer-implemented method of securing information transfer from a removable media to a plurality of networked devices, via an I/O port of one of the networked devices, each networked device having a first operating system arranged to operate the networked device, the computer-implemented method comprising:
installing a second operating system in each networked device, the second operating system substantially differing structurally from the first operating system;
configuring the networked device to communicate with the removable device via the second operating system responsive to connecting the removable device to the port and disabling the first operating system from communicating with the I/O port;
receiving, via the second operating system, the information from the removable media;
sending the information via a secure communication link to a security server; and
applying on the sent information security operations in reference to predefined security criteria.
7. The computer-implemented method of claim 6, further comprising:
receiving information from the first operating system of at least one of the networked devices;
generating, by the security server, a secure version of the information by applying a plurality of the security operations thereupon;
sending the secure version to at least one of the corresponding networked devices; and
sending the secure version to the removable media via the second operating system of the corresponding networked device.
8. The computer-implemented method of claim 6, wherein the application of security operations comprises at least one of: erasing information, and inserting information.
9. The computer-implemented method of claim 7, wherein the application of security operations comprises at least one of: erasing information, and inserting information.
10. A computer program product for securing information transfer from a removable media to a networked device via a port, the networked device having a first operating system arranged to operate the networked device, comprising a computer usable medium having computer usable program code tangibly embodied thereon, the computer usable program code comprising:
computer usable program code for receiving information from the removable media via the port, comprising a second operating system that is substantially different structurally from the first operating system;
computer usable program code for configuring the networked device to communicate with the removable device via the second operating system responsive to connecting the removable device to the port;
computer usable program code for sending the information via a secure communication link to a security server; and
computer usable program code for applying on the sent information security operations in reference to predefined security criteria.
11. The computer program product of claim 10, wherein the computer usable program code further comprises computer usable program code for generating a secure version of the information by the application of the security operations thereupon.
12. The computer program product of claim 11, wherein the computer usable program code further comprises computer usable program code for distributing the secure version in a network.
13. The computer program product of claim 10, wherein the computer usable program code further comprises:
computer usable program code for receiving information from the first operating system of the networked device;
computer usable program code for applying a plurality of data security operations upon the information received from the first operating system, thereby generating a secure version thereof; and
computer usable program code for sending the secure version to the removable media via the second operating system of the networked device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/629,087 US8316459B2 (en) 2009-12-02 2009-12-02 Secure transference of data between removable media and a security server

Publications (2)

Publication Number Publication Date
US20110131636A1 true US20110131636A1 (en) 2011-06-02
US8316459B2 US8316459B2 (en) 2012-11-20

Family

ID=44069863

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/629,087 Active 2031-07-01 US8316459B2 (en) 2009-12-02 2009-12-02 Secure transference of data between removable media and a security server

Country Status (1)

Country Link
US (1) US8316459B2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8990550B1 (en) * 2012-12-27 2015-03-24 Emc Corporation Methods and apparatus for securing communications between a node and a server based on hardware metadata gathered by an in-memory process
US10331889B2 (en) * 2017-01-05 2019-06-25 Votiro Cybersec Ltd. Providing a fastlane for disarming malicious content in received input content

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9858424B1 (en) 2017-01-05 2018-01-02 Votiro Cybersec Ltd. System and method for protecting systems from active content
US10013557B1 (en) 2017-01-05 2018-07-03 Votiro Cybersec Ltd. System and method for disarming malicious code
US10331890B2 (en) 2017-03-20 2019-06-25 Votiro Cybersec Ltd. Disarming malware in protected content

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060058658A1 (en) * 2004-09-13 2006-03-16 Siemens Medical Solutions Usa, Inc. Communications between co-located operating systems for medical diagnostic ultrasound and other systems
US20070280211A1 (en) * 2006-05-30 2007-12-06 Microsoft Corporation VoIP communication content control
US7861081B2 (en) * 2004-03-26 2010-12-28 Bce Inc. Security system and method

Also Published As

Publication number Publication date
US8316459B2 (en) 2012-11-20


Legal Events

Code Title Description
AS Assignment. Owner name: YAZAMTECH LTD., ISRAEL. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SHANI, YOSI;REEL/FRAME:023590/0048. Effective date: 20091109
STCF Information on status: patent grant. Free format text: PATENTED CASE
FPAY Fee payment. Year of fee payment: 4
SULP Surcharge for late payment
MAFP Maintenance fee payment. Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY. Year of fee payment: 8